Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
Internet Society © 1992–2016
IoT Security
Shernon Osepa,
Manager Regional Affairs Latin America & the Caribbean
@ShernonOsepa
35th CANTO AGM and Mini Exhibition
28 January 2019
Georgetown, Guyana
Presentation title – Client name
Challenges and Opportunities
“An Open, Globally-Connected, Trustworthy, and Secure Internet for
Everyone”
Why does Internet Society care?
2
• Cyber security
• Threats
• IoT
Some definitions
3
“preventative methods to protect information from being stolen, compromised
or attacked in some other way”;
What is Cybersecurity?
4
Applications
5
Technical
• Malware
• Ransomware
• DDOS
• Botnets
Non technical
• Social
• Economic
Image credit: FileCloud
The Threats
6
What should we do about it?
7
“An Open,
Globally-Connected,
Trustworthy,
and Secure Internet for
Everyone”
IoT Security
8
• Despite the buzz, no single definition!
refers to scenarios where network connectivity and computing capability
extends to objects, sensors and everyday items not normally considered
computers, allowing these devices to generate, exchange and consume
data with minimal human intervention.
• Functionally: The extension of network connectivity and computing capability
to a variety of objects, devices, sensors and everyday items allowing them to
generate/exchange data, often with remote with data analytic/management
capabilities.
• As Value: Data & what can be done with it.
• As a Vision: The realization of a “hyper-connected” world.
What is IoT really?
9
Leaves
Trunk/branches
Roots
A Tree Ecosystem
10
Computers, Networks, and “Things” not new…….
11
If it’s not new, why now?: A Confluence of Market Trends
UBIQUITOUS CONNECTIVITY
WIDESPREADADOPTION OF IP
COMPUTING ECONOMICS
MINIATURIZATION
ADVANCES IN DATA ANALYTICSUBIQUITOUS
CONNECTIVITY
WIDESPREAD ADOPTION OF IP
COMPUTING ECONOMICS
MINIATURIZATION
ADVANCES IN DATA
ANALYTICS
RISE OF CLOUD COMPUTING
12
Applications
Software
(gateways/processors)
Technology (sensors)
The IoT Ecosystem
13
1. Smart home
2. Smart wearables
3. IoT Solutions For Smart City
4. Smart Grids
5. Industrial Internet
6. Smarter Automotive Industry
7. Smart Health Care Systems
8. Smart Retail
9. Smart Supply Chain
10. Agriculture
11. Many more
The IoT Ecosystem (Applications)
14
Software (gateways/processors)
Intel-Edison/Galileo
Qualcomm-Snapdragon
Raspberry Pi 3
Chip RB
Marvell-MW302
Cypress-Bluetooth IoT kit
Samsung ARTIK
And many more….
The IoT Ecosystem Software (gateways)
15
Technology (sensors)
Honeywell
Grayhill
Intel
Qualcomm
Many more…
The IoT Ecosystem (technology)
16
The challenges we face
The number of IoT devices and systems
connected to the Internet will be more
than
2.5x the global population
by 2020 (Gartner).
(Others, 30 - 50 Billion by 2025)
Used with permission. http://www.geekculture.com/joyoftech/joyarchives/2340.html
As more and more
devices are
connected, privacy
and security risks
increase.
• Security
• Privacy
• Interoperability and Standards
• Legal, regulatory and rights
• Emerging economies and
development
Key IoT Challenges
20
Key Challenge: IoT Ecosystem
21
Three Dimensions:
• Combination of devices, apps,
platforms & services
• Data flows, touch points
& disclosures
• Lack of defined standards
Impacts on Sustainability Issues:
• Lifecycle supportability
• Data retention / ownership
Interoperability and Standards
22
New devices, new vulnerabilities
• Device Cost/Size/Functionality
• Volume of identical devices
(homogeneity)
• Long service life (often extending far
beyond supported lifetime)
• No or limited upgradability or patching
• Physical security vulnerabilities
• Access
• Limited user interfaces (UI)
• Limited visibility into, or control over,
internal workings
• Embedded devices
• Unintended uses
• BYOIoT
23
The attributes of many IoT devices present new and unique security challenges
compared to traditional computing systems.
Legal, regulatory and rights
24
Emerging economies and
development
25
Who is responsible?
26
Developers and users of IoT
devices and systems have a
collective obligation to
ensure they do not expose
others and the Internet itself
to potential harm
To scale up we need a
collective approach,
addressing security challenges
on all fronts.
What we’re doing about it
There are two ways to view IoT Security
Outward Security
Focus on potential harms that
compromised devices and systems can
inflict on the Internet and other users
Inward Security
Focus on potential harms to the health,
safety, and privacy of device users and
their property stemming from
compromised IoT devices and systems
28
•OTA was founded in 2004
• developed technical standards to fight spam;
• advance Secure Sockets Layer (SSL) and email authentication
best practices;
• has introduced a foundation for a future IoT certification
programme;
• and has worked on measures to address online fraud.
•An initiative of the Internet Society (ISOC), as of 5
April 2017!
•will help improve security and data privacy for users (ISOC’s trust
agenda)
What is the Online Trust Alliance?
29
•Annual Online Trust Audit;
• Cyber Incident Response Guide;
• Internet of Things (IoT) Trust Framework.
Some OTA’s initiatives
30
• Measureable principles vs. standards
development
• Consumer grade devices (home, office
and wearables)
• Address known vulnerabilities and IoT
threats
• Actionable and vendor neutral
Online Trust Alliance IoT Security & Privacy Trust
Framework
31
https://otalliance.org/iot/
Online Trust Alliance IoT Security Resources
32
ISOC “IoT Trust by Design” Campaign
1
Work with manufacturers
and suppliers to adopt
and implement the OTA
IoT Trust Framework
2
Mobilize consumers to
drive demand for
security and privacy
capabilities as a market
differentiator
3
Encourage policy and
regulations to push for
better security and
privacy features in IoT
33
OTA IoT Trust Framework implementation
- Best practices and toolkits
- Implementation guide
- Training for ISOC and community
34
Activity highlights
Research
- Paper on IoT Security for Policymakers
- Policy research: mapping the IoT policy/regulatory
landscape
- Economic study on IoT security externalities
- Study on “consumer grade” IoT markets, to better
understand manufacturing trends and consumer
behaviour
Outreach to policy makers
- Regional engagement in strategic countries
- Global and regional events
- Workshops and capacity building
- Thought pieces and articles
Global, regional and local partnerships
- Security-minded IoT alliances
- Certification organizations
- Civil society organizations
- Organizations that review consumer products
- Internet Society community
Closing Thoughts
35
36
Visit us at
www.internetsociety.org
Follow us
@internetsociety
Galerie Jean-Malbuisson 15,
CH-1204 Geneva,
Switzerland.
+41 22 807 1444
1775 Wiehle Avenue,
Suite 201, Reston, VA
20190-5108 USA.
+1 703 439 2120
Thank you.
Shernon Osepa
Manager Regional Affairs Latin America & the
Caribbean
@ShernonOsepa37